ferm: don't filter input by interface but only by ip

This allows VMs to talk to the host (Closes #6251)
2015-01-07 15:15:55 +01:00 · 2015-01-07 15:15:55 +01:00 · 5dcff45f98
parent e7acd24479
commit 5dcff45f98
1 changed files with 1 additions and 1 deletions
--- a/ferm/ferm.conf
+++ b/ferm/ferm.conf
@ -65,7 +65,7 @@ table filter {
        proto icmp icmp-type echo-request ACCEPT;

        # local services
-        interface $DEV_WAN daddr $IP_WAN mod state state NEW {
+        daddr $IP_WAN mod state state NEW {
            # DNS requests
            @if $DNS_ON_WAN proto (udp tcp) dport 53
                mod comment comment "DNS on WAN"